Ok, so today we are going to go over how to track all messages sent to a specific domain from the Exchange server. This is really useful when trying to find out why you may have been blacklisted, or when fighting a blacklisting. The following code is run in the Exchange Management Shell:

8 Steps total

Step 1: We will start with: Get-TransportServer

This part of the script returns the transport servers that send out the mail.

Step 2: Next we add a "|"

so we can run commands against the result.

Step 3: Get-MessageTrackingLog -ResultSize Unlimited

This pulls the message tracking log from the transport servers, and -ResultSize Unlimited makes sure we take all of the log.

Step 4: -Start ((get-date).AddDays(-1)) -End (get-date)

This sets the time frame in which to pull the information. -Start ((get-date).AddDays(-1)) takes the current date and time and goes back one day (24 hours). -End (get-date) sets the end time equal to when the script is run.

Step 5: Now that we have the logs and the time frame, we are going to add another "|"

so that we can search through all that information for a specific domain.

Step 6: WHERE {$_.recipients -like "*aol.com*"}

This filters for the domain we are looking for.

Step 7: Then we add another "|"

Step 8: out-file "C:\NewScripts\AOLtracker24hours.xls"

Out-File writes the results to an .xls file so we can sort as needed.

Then in C:\NewScripts\AOLtracker24hours.xls we will have a list of all emails sent to the specific domain we chose.

You can then find who is abusing the mail system or which account may be compromised.
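
The eight steps assembled into one script, as an added example that is not from the original post; it also ranks senders by volume to help spot the abusing or compromised account. It swaps Out-File for Export-Csv (Out-File writes formatted text whatever the file extension, so the result does not open as sortable columns) and tightens the match to "*@aol.com". Assumptions: the variable names and the .csv file name are made up here, and on Exchange 2013 or later Get-TransportService takes the place of Get-TransportServer.

```powershell
# Added example. Run in the Exchange Management Shell.
$domain = 'aol.com'          # domain used in the steps above
$outDir = 'C:\NewScripts'    # output folder used in the steps above
$start  = (Get-Date).AddDays(-1)
$end    = Get-Date

# Steps 1-6: pull 24 hours of tracking log entries from every transport
# server and keep those with at least one recipient at the domain.
# "*@aol.com" is stricter than "*aol.com*": it will not match look-alike
# domains that merely contain the string, but it also skips subdomains.
$hits = Get-TransportServer |
    Get-MessageTrackingLog -ResultSize Unlimited -Start $start -End $end |
    Where-Object { $_.Recipients -like "*@$domain" }

# Recipients is a collection; join it so each row exports as readable text.
$rows = $hits | Select-Object Timestamp, EventId, Source, Sender,
    @{ Name = 'Recipients'; Expression = { $_.Recipients -join ';' } },
    MessageSubject, ClientIp, ServerHostname

# Steps 7-8: write a file that opens in Excel with one column per field.
$rows | Export-Csv -Path (Join-Path $outDir 'AOLtracker24hours.csv') -NoTypeInformation

# Rank senders by number of SEND events. Other event types (RECEIVE,
# DELIVER, ...) are logged for the same message and would inflate counts.
$rows |
    Where-Object { $_.EventId -eq 'SEND' } |
    Group-Object -Property Sender |
    Sort-Object -Property Count -Descending |
    Select-Object -First 20 -Property Count, Name
```

A sender far above the rest, or one sending at hours when the mailbox owner is not working, is the first account to review.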